# Section 01: Information Security ## Information Security > Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. * ## CIA Triad > Information security's primary focus is the balanced protection of the confidentiality, integrity, and availability of data (also known as the CIA triad) while maintaining a focus on efficient policy implementation, all without hampering organization productivity. ## Non-repudiation > In law, non-repudiation implies one's intention to fulfill their obligations to a contract. It also implies that one party of a transaction cannot deny having received a transaction, nor can the other party deny having sent a transaction. ## Attack Classification ### Passive attack > Attacks that do not directly / actively engage with the target system(s). Examples: * Searching google (googling) * Network traffic analysis ### Active attack > Attacks that do directly / active engage with the target system(s). Examples: * Brute forcing * Sending malicious payloads * Web app spidering ### Close-in attack > Attacks where the attacker is physically close to the target system. ### Insider attack > Attacks where the attacker is inside of the organization / infrastructure. Examples: * Shoulder surfing passwords * Misusing privileged access ## Information Warfare > Information warfare (IW) (as different from cyber warfare that attacks computers, software, and command control systems) is a concept involving the battlespace use and management of information and communication technology (ICT) in pursuit of a competitive advantage over an opponent. Examples: * Command and control warfare * Electronic warfare * Hacker warfare Links *